@mantiq/oauth 0.1.0 → 0.2.0-rc.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mantiq/oauth",
-  "version": "0.1.0",
+  "version": "0.2.0-rc.2",
   "description": "OAuth 2.0 server — authorization code (PKCE), client credentials, JWT access tokens, scopes",
   "type": "module",
   "license": "MIT",
@@ -14,12 +14,30 @@
   "bugs": {
     "url": "https://github.com/mantiqjs/mantiq/issues"
   },
-  "keywords": ["mantiq", "oauth", "oauth2", "jwt", "authorization", "token"],
-  "engines": { "bun": ">=1.1.0" },
+  "keywords": [
+    "mantiq",
+    "oauth",
+    "oauth2",
+    "jwt",
+    "authorization",
+    "token"
+  ],
+  "engines": {
+    "bun": ">=1.1.0"
+  },
   "main": "./src/index.ts",
   "types": "./src/index.ts",
-  "exports": { ".": { "bun": "./src/index.ts", "default": "./src/index.ts" } },
-  "files": ["src/", "package.json", "README.md"],
+  "exports": {
+    ".": {
+      "bun": "./src/index.ts",
+      "default": "./src/index.ts"
+    }
+  },
+  "files": [
+    "src/",
+    "package.json",
+    "README.md"
+  ],
   "scripts": {
     "build": "bun build ./src/index.ts --outdir ./dist --target bun --packages=external",
     "test": "bun test",
@@ -37,5 +55,8 @@
     "@mantiq/core": "workspace:*",
     "@mantiq/database": "workspace:*",
     "@mantiq/auth": "workspace:*"
+  },
+  "mantiq": {
+    "provider": "OAuthServiceProvider"
   }
 }

package/src/OAuthServiceProvider.ts

@@ -1,4 +1,4 @@
-import { ServiceProvider, ConfigRepository } from '@mantiq/core'
+import { ServiceProvider, ConfigRepository, HttpKernel } from '@mantiq/core'
 import type { Router } from '@mantiq/core'
 import { ROUTER } from '@mantiq/core'
 import { AuthManager } from '@mantiq/auth'
@@ -15,6 +15,11 @@ import { RefreshTokenGrant } from './grants/RefreshTokenGrant.ts'
 import { PersonalAccessGrant } from './grants/PersonalAccessGrant.ts'
 import { oauthRoutes } from './routes/oauthRoutes.ts'
 import { OAUTH_SERVER } from './helpers/oauth.ts'
+import { registerCommands } from '@mantiq/cli'
+import { OAuthClientCommand } from './commands/OAuthClientCommand.ts'
+import { OAuthInstallCommand } from './commands/OAuthInstallCommand.ts'
+import { OAuthKeysCommand } from './commands/OAuthKeysCommand.ts'
+import { OAuthPurgeCommand } from './commands/OAuthPurgeCommand.ts'
 import { readFile } from 'node:fs/promises'
 
 const DEFAULT_CONFIG: OAuthConfig = {
@@ -85,5 +90,27 @@ export class OAuthServiceProvider extends ServiceProvider {
     } catch {
       // Router not available
     }
+
+    // Register middleware aliases
+    try {
+      const kernel = this.app.make(HttpKernel)
+      kernel.registerMiddleware('scopes', CheckScopes as any)
+      kernel.registerMiddleware('scope', CheckForAnyScope as any)
+      kernel.registerMiddleware('client', CheckClientCredentials as any)
+    } catch {
+      // HttpKernel may not be available in non-HTTP contexts
+    }
+
+    // Register commands
+    try {
+      registerCommands([
+        new OAuthClientCommand(),
+        new OAuthInstallCommand(),
+        new OAuthKeysCommand(),
+        new OAuthPurgeCommand(),
+      ])
+    } catch {
+      // @mantiq/cli may not be available
+    }
   }
 }

package/src/grants/GrantHandler.ts

@@ -4,8 +4,8 @@ export interface OAuthTokenResponse {
   token_type: 'Bearer'
   expires_in: number
   access_token: string
-  refresh_token?: string
-  scope?: string
+  refresh_token?: string | undefined
+  scope?: string | undefined
 }
 
 export interface GrantHandler {

package/src/jwt/JwtPayload.ts

@@ -1,9 +1,9 @@
 export interface JwtPayload {
-  iss?: string
-  sub?: string
-  aud?: string
-  exp?: number
-  iat?: number
-  jti?: string
-  scopes?: string[]
+  iss?: string | undefined
+  sub?: string | undefined
+  aud?: string | undefined
+  exp?: number | undefined
+  iat?: number | undefined
+  jti?: string | undefined
+  scopes?: string[] | undefined
 }

package/src/jwt/JwtSigner.ts

@@ -1,7 +1,7 @@
 import type { JwtPayload } from './JwtPayload.ts'
 import { base64UrlEncode, base64UrlDecode, base64UrlEncodeString } from './JwtEncoder.ts'
 
-const ALGORITHM: RsaHashedImportParams = {
+const ALGORITHM: { name: string; hash: string } = {
   name: 'RSASSA-PKCS1-v1_5',
   hash: 'SHA-256',
 }
@@ -74,7 +74,7 @@ export class JwtSigner {
       const valid = await crypto.subtle.verify(
         ALGORITHM.name,
         this.publicKey,
-        signature,
+        signature as any,
         data,
       )
 

package/src/models/AccessToken.ts

@@ -4,7 +4,9 @@ export class AccessToken extends Model {
   static override table = 'oauth_access_tokens'
   static override keyType = 'string' as const
   static override incrementing = false
+  static override guarded = [] as string[]
   static override fillable = [
+    'id',
     'user_id',
     'client_id',
     'name',

package/src/models/AuthCode.ts

@@ -4,7 +4,9 @@ export class AuthCode extends Model {
   static override table = 'oauth_auth_codes'
   static override keyType = 'string' as const
   static override incrementing = false
+  static override guarded = [] as string[]
   static override fillable = [
+    'id',
     'user_id',
     'client_id',
     'scopes',

package/src/models/Client.ts

@@ -4,7 +4,9 @@ export class Client extends Model {
   static override table = 'oauth_clients'
   static override keyType = 'string' as const
   static override incrementing = false
+  static override guarded = [] as string[]
   static override fillable = [
+    'id',
     'name',
     'secret',
     'redirect',

package/src/models/RefreshToken.ts

@@ -4,7 +4,9 @@ export class RefreshToken extends Model {
   static override table = 'oauth_refresh_tokens'
   static override keyType = 'string' as const
   static override incrementing = false
+  static override guarded = [] as string[]
   static override fillable = [
+    'id',
     'access_token_id',
     'revoked',
     'expires_at',